Cisco CUCM Flaw βοΈ, KDDI 14M Data Leak π§, Scattered Spider Hackers Plead π·οΈ
TLDR InfoSec
Retained excerpt
Attackers are exploiting CVE-2026-20230 in Cisco Unified Communications Manager to gain root access through an unauthenticated SSRF path TLDR TLDR INFORMATION SECURITY 2026-06-29 π ATTACKS & VULNERABILITIES XSS-TO-ROOT ATTACK DELIVERS MALICIOUS CODE VIA WI-FI SSID OR LORA NODE NAME (2 MINUTE READ) Security researcher Sasha Romijn demonstrated an XSS attack vector that delivers malicious code over the air through Wi-Fi SSIDs or LoRa node names, exploiting infrastructure web interfaces that render these network identifiers without proper sanitization. The vulnerability is especially dangerous in environments that rely on outdated embedded browsers with infrequent security updates, where a successful injection can escalate from script execution to root access on the underlying device. Defenders should audit management interfaces that display SSID or node name fields, apply input sanitization and output encoding to those components, and update embedded browsers to current versions whereβ¦
This limited excerpt is retained to explain the source trail. Rights remain with the original publisher.